CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass / CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerabilities

This advisory is for organizations that use ConnectWise ScreenConnect for remote desktop and support activities.  This vulnerability does not affect cloud servers hosted in or


ConnectWise released patches to address two vulnerabilities found in on-premise servers which could be chained to allow an attacker to upload a malicious ScreenConnect extension and gain remote connect execution.


CVE-2024-1709– Authentication bypass using alternate path

                CVSSv3: 10.0

CVE-2024-1708 – Improper limitation pathname to restricted directory

               CVSSv3: 8.4


Affected Platforms

ConnectWise ScreenConnect 23.9.7 and earlier



Update servers to 23.9.8


Additional Resources